SUSE-CU-2024:900-1: Security update of bci/openjdk
sle-container-updates at lists.suse.com
Mon Mar 11 15:32:58 UTC 2024
SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:900-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-16.24 , bci/openjdk:latest
Container Release : 16.24
Severity : important
Type : security
References : 1198880 1200551 1217390 CVE-2021-40633 CVE-2022-28506 CVE-2023-48161
-----------------------------------------------------------------
The container bci/openjdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:786-1
Released: Wed Mar 6 21:07:20 2024
Summary: Security update for giflib
Type: security
Severity: important
References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161
This update for giflib fixes the following issues:
Update to version 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
* #138 Documentation for obsolete utilities still installed
* #139: Typo in 'LZW image data' page ('110_2 = 4_10')
* #140: Typo in 'LZW image data' page ('LWZ')
* #141: Typo in 'Bits and bytes' page ('filed')
* Note as already fixed SF issue #143: cannot compile under mingw
* #144: giflib-5.2.1 cannot be build on windows and other platforms using c89
* #145: Remove manual pages installation for binaries that are not installed too
* #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
* #147 [PATCH] Fixes to doc/whatsinagif/ content
* #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
* Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no longer possible
* #151: A heap-buffer-overflow in gif2rgb.c:294:45
* #152: Fix some typos on the html documentation and man pages
* #153: Fix segmentation faults due to non correct checking for args
* #154: Recover the giffilter manual page
* #155: Add gifsponge docs
* #157: An OutofMemory-Exception or Memory Leak in gif2rgb
* #158: There is a null pointer problem in gif2rgb
* #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
* #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
* #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
* #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c
The following package changes have been done:
- libgif7-5.2.2-150000.4.13.1 updated
- container:sles15-image-15.0.0-36.11.10 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed
- cpio-2.13-150400.3.6.1 removed
- cracklib-2.9.7-11.6.1 removed
- cracklib-dict-small-2.9.7-11.6.1 removed
- diffutils-3.6-4.3.1 removed
- fillup-1.42-2.18 removed
- grep-3.1-150000.4.6.1 removed
- gzip-1.10-150200.10.1 removed
- krb5-1.20.1-150500.3.3.1 removed
- libaudit1-3.0.6-150400.4.13.1 removed
- libblkid1-2.37.4-150500.9.3.1 removed
- libbrotlicommon1-1.0.7-3.3.1 removed
- libbrotlidec1-1.0.7-3.3.1 removed
- libcap-ng0-0.7.9-4.37 removed
- libcom_err2-1.46.4-150400.3.3.1 removed
- libcrack2-2.9.7-11.6.1 removed
- libcrypt1-4.4.15-150300.4.7.1 removed
- libcurl4-8.0.1-150400.5.41.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libeconf0-0.5.2-150400.3.6.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.37.4-150500.9.3.1 removed
- libgcrypt20-1.9.4-150500.10.19 removed
- libgcrypt20-hmac-1.9.4-150500.10.19 removed
- libgpg-error0-1.42-150400.1.101 removed
- libidn2-0-2.2.0-3.6.1 removed
- libkeyutils1-1.6.3-5.6.1 removed
- libldap-2_4-2-2.4.46-150200.14.17.1 removed
- libldap-data-2.4.46-150200.14.17.1 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- libmount1-2.37.4-150500.9.3.1 removed
- libnghttp2-14-1.40.0-150200.12.1 removed
- libnsl2-1.2.0-2.44 removed
- libpopt0-1.16-3.22 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libsasl2-3-2.1.28-150500.1.1 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- libsmartcols1-2.37.4-150500.9.3.1 removed
- libssh-config-0.9.8-150400.3.6.1 removed
- libssh4-0.9.8-150400.3.6.1 removed
- libsystemd0-249.17-150400.8.40.1 removed
- libtirpc-netconfig-1.3.4-150300.3.23.1 removed
- libtirpc3-1.3.4-150300.3.23.1 removed
- libunistring2-0.9.10-1.1 removed
- libutempter0-1.1.6-3.42 removed
- libverto1-0.2.6-3.20 removed
- libxml2-2-2.10.3-150500.5.14.1 removed
- libzstd1-1.5.0-150400.3.3.1 removed
- login_defs-4.8.1-150400.10.12.1 removed
- ncurses-utils-6.1-150000.5.20.1 removed
- pam-1.3.0-150000.6.66.1 removed
- perl-base-5.26.1-150300.17.14.1 removed
- permissions-20201225-150400.5.16.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- rpm-ndb-4.14.3-150400.59.7.1 removed
- sed-4.4-11.6 removed
- shadow-4.8.1-150400.10.12.1 removed
- sles-release-15.5-150500.43.4 removed
- system-group-hardware-20170617-150400.24.2.1 removed
- sysuser-shadow-3.2-150400.3.5.3 removed
- tar-1.34-150000.3.34.1 removed
- timezone-2023c-150000.75.23.1 removed
- util-linux-2.37.4-150500.9.3.1 removed